
15 Zap Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

8.0 - 10.0 years

4 - 7 Lacs

Hyderabad

Work from Office


Role Profile Senior Application Security Engineer Department Information Security/ Cybersecurity Reports To: Manager / Lead Security Engineer Location: Hyderabad (WFO) Role Summary: The Security Engineer will play a critical role in strengthening the security posture of applications and infrastructure by implementing secure development practices, performing vulnerability assessments, and integrating security into the SDLC. The ideal candidate will have hands-on experience with OWASP ASVS, security testing tools like ZAP, and a solid understanding of Python-based backend systems. Key Responsibilities: Implement and enforce security policies aligned with OWASP ASVS 4.0.3. Conduct Static and Dynamic Application Security Testing (SAST/DAST) using tools such as ZAP, Fortify, Burp Suite, and GitHub security. Collaborate with DevOps teams to embed security in CI/CD pipelines. Perform threat modelling and risk assessments for applications and APIs. Identify and remediate security vulnerabilities in Python-based services. Prepare and support documentation for STQC audits and other compliance processes. Create and maintain secure coding guidelines for developers. Track and manage vulnerabilities using centralized dashboards or ticketing systems. Collaborate with developers and QA teams during SDLC to ensure secure code deployment. Required Qualifications & Skills: 8-10 years of overall experience in IT. 5-6 years of hands-on experience in Application Security. Strong knowledge of OWASP Top 10 and OWASP ASVS frameworks. Practical experience with ZAP, Fortify, Burp Suite, or similar tools. Good understanding of Python backend services and typical security flaws. Knowledge of CI/CD security integration tools and methodologies. Familiarity with STQC security processes and regulatory compliance documentation. Knowledge of SAST/DAST/IAST methodologies and modern DevSecOps practices. Bachelor's degree in computer science, Cybersecurity, or related discipline.
Soft Skills: Strong analytical and problem-solving abilities. Excellent written and verbal communication skills. Collaboration and team orientation. High attention to detail and documentation. Strong stakeholder management across development, DevOps, and compliance teams. Preferred Qualifications: Certifications such as OSCP, CISSP, CEH, or GWAPT. Exposure to cloud security (AWS/GCP/Azure). Scripting knowledge for automation using Python or Bash. Experience with container and Kubernetes security tools. Key Relationships: Internal: Development Teams, DevOps Teams, QA Teams, Compliance Team, Product Owners External: Auditors, Regulatory Authorities (e.g., for STQC), Security Vendors Role Dimensions: Team Size: Individual contributor or small security team lead Scope: Application security coverage across all internal and external apps Impact: High - directly impacts risk mitigation, compliance, and secure software delivery Success Measures (KPIs): % of vulnerabilities resolved within SLA Number of applications onboarded to security tools Security issues found in pre-production vs post-deployment Developer adoption rate of secure coding practices STQC and other audit clearance rates Mean time to detect and remediate vulnerabilities Competency Framework Alignment: Technical Expertise Deep understanding of AppSec tools and practices Results Orientation Works cross-functionally with technical teams Problem Solving Strong in analysing and resolving security issues Communication Explains complex security concepts to non-tech teams Adaptability Takes ownership of vulnerabilities and resolutions

Posted -1 days ago


2.0 - 7.0 years

5 - 10 Lacs

Bengaluru

Hybrid


Hiring for Security Test Engineer at Bangalore location Role: Security Test Engineer Exp: 2 - 7 Years Job location: Bangalore Notice Period: Immediate joiners only - Must Work Mode: Hybrid Interview Mode: 2 rounds ( Virtual & F2F round is Must ) Direct Responsibilities: To perform Penetration testing (Gray Box and/or Black Box), for Web applications, Thick Client, API, and mobile applications. Understand and deep knowledge of application security engineering principles to follow secure development practices which includes secure build processes, secure code review, security testing. Understanding of the security tools in DevOps Processes Knowledge of one or more scripting languages for automation Collaborate with the developers to help them understand the vulnerabilities reported in application. Contributing Responsibilities To understand the applications security requirements and identify & document the scope of the test. Ensure execution of the documented security scenarios for the application under test. Document and report all findings. Escalate issues to the local management and onshore stakeholders in case it affects the testing progress. Ensure processes for the project is followed for the assessments. Help review peer's work and mentor junior members in the team. Technical & Behavioral Competencies: Clear understanding of OWASP Top 10 - application security risks Tools/OS: Burp Suite, OWASP ZAP, Kali Linux Manual Security Testing & Analysis, Security Test Designing Excellent Interpersonal and presentation skills Strong in verbal and written communication Good analytical skills Strong Time Management Must be flexible, independent, self-motivated. Team Player Interested candidates can share your updated profile to premkumar.m@kiya.ai

Posted 1 week ago


8.0 - 10.0 years

5 - 9 Lacs

Hyderabad

Work from Office


Role Profile Senior Application Security Engineer Department Information Security/ Cybersecurity Reports To: Manager / Lead Security Engineer Location: Hyderabad (WFO) Role Summary: The Security Engineer will play a critical role in strengthening the security posture of applications and infrastructure by implementing secure development practices, performing vulnerability assessments, and integrating security into the SDLC. The ideal candidate will have hands-on experience with OWASP ASVS, security testing tools like ZAP, and a solid understanding of Python-based backend systems. Key Responsibilities: Implement and enforce security policies aligned with OWASP ASVS 4.0.3. Conduct Static and Dynamic Application Security Testing (SAST/DAST) using tools such as ZAP, Fortify, Burp Suite, and GitHub security. Collaborate with DevOps teams to embed security in CI/CD pipelines. Perform threat modelling and risk assessments for applications and APIs. Identify and remediate security vulnerabilities in Python-based services. Prepare and support documentation for STQC audits and other compliance processes. Create and maintain secure coding guidelines for developers. Track and manage vulnerabilities using centralized dashboards or ticketing systems. Collaborate with developers and QA teams during SDLC to ensure secure code deployment. Required Qualifications & Skills: 8–10 years of overall experience in IT. 5–6 years of hands-on experience in Application Security. Strong knowledge of OWASP Top 10 and OWASP ASVS frameworks. Practical experience with ZAP, Fortify, Burp Suite, or similar tools. Good understanding of Python backend services and typical security flaws. Knowledge of CI/CD security integration tools and methodologies. Familiarity with STQC security processes and regulatory compliance documentation. Knowledge of SAST/DAST/IAST methodologies and modern DevSecOps practices. Bachelor’s degree in computer science, Cybersecurity, or related discipline.
Soft Skills: Strong analytical and problem-solving abilities. Excellent written and verbal communication skills. Collaboration and team orientation. High attention to detail and documentation. Strong stakeholder management across development, DevOps, and compliance teams. Preferred Qualifications: Certifications such as OSCP, CISSP, CEH, or GWAPT. Exposure to cloud security (AWS/GCP/Azure). Scripting knowledge for automation using Python or Bash. Experience with container and Kubernetes security tools. Key Relationships: Internal: Development Teams, DevOps Teams, QA Teams, Compliance Team, Product Owners External: Auditors, Regulatory Authorities (e.g., for STQC), Security Vendors Role Dimensions: Team Size: Individual contributor or small security team lead Scope: Application security coverage across all internal and external apps Impact: High – directly impacts risk mitigation, compliance, and secure software delivery Success Measures (KPIs): % of vulnerabilities resolved within SLA Number of applications onboarded to security tools Security issues found in pre-production vs post-deployment Developer adoption rate of secure coding practices STQC and other audit clearance rates Mean time to detect and remediate vulnerabilities Competency Framework Alignment: Technical Expertise Deep understanding of AppSec tools and practices Results Orientation Works cross-functionally with technical teams Problem Solving Strong in analysing and resolving security issues Communication Explains complex security concepts to non-tech teams Adaptability Takes ownership of vulnerabilities and resolutions

Posted 2 weeks ago


4.0 - 8.0 years

12 - 14 Lacs

Bengaluru

Work from Office


Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Posted 3 weeks ago


4 - 8 years

12 - 14 Lacs

Bengaluru

Work from Office


Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Posted 1 month ago


3 - 7 years

3 - 8 Lacs

Chennai

Work from Office


Job Title: Security Engineer Location: Chennai (5 Days Onsite) Employment Type: Contract Role Overview We are seeking a skilled and detail-oriented Security Engineer to join our team in Chennai on a contract basis. The ideal candidate will have hands-on experience in application security testing, static code analysis, and vulnerability assessments for web and mobile applications. Key Responsibilities Perform Application Security Testing using tools such as Burp Suite, ZAP , and Postman . Conduct OWASP Top 10 assessments and ensure adherence to secure coding practices. Implement and manage Static Application Security Testing (SAST) using tools like SonarQube, Fortify, Checkmarx , and Semgrep . Execute Vulnerability Assessment and Penetration Testing (VAPT) for web and mobile applications. Collaborate with development and DevOps teams to identify and remediate security vulnerabilities. Provide detailed reports and recommendations for security improvements. Required Skills Strong experience in OWASP-based security testing . Proficiency with Burp Suite, ZAP , and API testing tools like Postman . Hands-on experience with SAST tools : SonarQube, Fortify, Checkmarx, Semgrep . Experience in VAPT for web and mobile applications . Good understanding of secure software development lifecycle (SSDLC).

Posted 1 month ago


7 - 9 years

37 - 40 Lacs

Ahmedabad, Bengaluru, Mumbai (All Areas)

Work from Office


Dear Candidate, We are hiring a Penetration Tester to simulate attacks and discover security vulnerabilities in critical systems. Perfect for professionals skilled in offensive security techniques. Key Responsibilities: Conduct penetration tests on web, mobile, and network systems Document vulnerabilities and remediation recommendations Develop exploits and custom testing tools Collaborate with developers to address findings Required Skills & Qualifications: Proficiency with penetration testing tools (Burp Suite, Metasploit, Nmap) Strong understanding of application and network security Experience writing exploit scripts (Python, Bash) Bonus: OSCP, OSWE, or CEH certification Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies

Posted 1 month ago


5 - 9 years

7 - 11 Lacs

Bengaluru

Work from Office


Job ID/Reference Code INFSYS-NAUKRI-210555 Work Experience 5-9 Job Title IT Testing Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Preferred Skills: Technology->Security Testing->Security Testing - ALL Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering * Location of posting is subject to business requirements

Posted 2 months ago


0 - 6 years

6 - 9 Lacs

Jaipur

Work from Office


AM Enterprise is hiring a remote Red Team Security Specialist to simulate cyberattacks, perform penetration tests, and collaborate with Blue Team members to enhance cybersecurity defenses. Requires expertise in penetration testing tools, scripting. Health insurance Annual bonus Office cab/shuttle

Posted 2 months ago


9 - 12 years

37 - 40 Lacs

Ahmedabad, Noida, Kolkata

Work from Office


Dear Candidate, We are looking for a skilled Penetration Tester to identify and exploit vulnerabilities in systems, networks, and applications. If you have expertise in ethical hacking, red teaming, and security assessments, we'd love to hear from you! Key Responsibilities: Perform penetration testing and ethical hacking on web applications, networks, and systems. Identify security vulnerabilities and provide remediation recommendations. Simulate real-world cyber attacks to test security controls. Utilize tools like Burp Suite, Metasploit, and Kali Linux for security assessments. Document findings in detailed security reports. Collaborate with development and security teams to enhance security measures. Stay updated with the latest hacking techniques, threats, and vulnerabilities. Required Skills & Qualifications: Strong knowledge of penetration testing methodologies (OWASP, OSSTMM). Hands-on experience with security tools like Nmap, Nessus, and Wireshark. Proficiency in scripting for automation (Python, Bash, PowerShell). Knowledge of web security vulnerabilities (XSS, SQL Injection, CSRF). Familiarity with cloud security testing (AWS, Azure, GCP). Soft Skills: Strong problem-solving and analytical skills. Excellent communication skills to work with cross-functional teams. Ability to work independently and as part of a team. Detail-oriented with a focus on delivering high-quality solutions. Note: If you are interested, please share your updated resume and suggest the best number & time to connect with you. If your resume is shortlisted, one of the HR from my team will contact you as soon as possible. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

Posted 2 months ago


15 - 18 years

50 - 55 Lacs

Pune, Ahmedabad, Mumbai (All Areas)

Work from Office


Dear Candidate, We are seeking a skilled DevOps Engineer to join our team. The ideal candidate will be responsible for streamlining the software development and deployment process, automating workflows, and ensuring that our systems are scalable, secure, and reliable. You will collaborate closely with development, operations, and product teams to build and maintain infrastructure and ensure continuous integration and delivery. Role & Responsibilities: Automation & Scripting : Design and implement automated systems for deployment, monitoring, and infrastructure management using tools like Terraform , Ansible , or Chef . Continuous Integration/Continuous Deployment (CI/CD) : Develop and manage CI/CD pipelines using tools like Jenkins , GitLab CI , or CircleCI to enable rapid and reliable software deployment. Infrastructure Management : Manage and maintain cloud infrastructure (AWS, GCP, Azure) and on-premise systems, ensuring high availability, scalability, and security. System Monitoring & Performance : Monitor system performance, including application uptime, server health, and resource utilization. Use monitoring tools like Prometheus , Grafana , or Datadog to ensure smooth operation. Collaboration with Development Teams : Work closely with development teams to ensure the continuous delivery of high-quality software and streamline the development process. Security & Compliance : Implement and maintain security practices such as automated patch management, vulnerability scanning, and encryption to safeguard infrastructure. Version Control & Repository Management : Utilize version control systems like Git and repository management tools like GitHub or Bitbucket for code collaboration and management. Required Skills & Qualifications: DevOps Tools & Technologies : Strong experience with DevOps tools such as Jenkins , Docker , Kubernetes , Terraform , Ansible , Chef , and Puppet . 
Cloud Platforms : Extensive experience with cloud services like AWS , GCP , or Azure to build, manage, and scale infrastructure. Automation & Scripting : Proficiency in scripting languages like Python , Bash , or Ruby to automate repetitive tasks and streamline workflows. Containerization & Orchestration : Hands-on experience with Docker , Kubernetes , or other container orchestration tools for building and managing containers. CI/CD Practices : Expertise in setting up and maintaining CI/CD pipelines to automate the build, testing, and deployment processes. Infrastructure as Code (IaC) : Experience with Terraform or CloudFormation to manage infrastructure resources as code. Version Control : Proficiency in version control systems, specifically Git , for managing codebases and collaborating with teams. Monitoring & Logging : Familiarity with monitoring tools like Prometheus , Grafana , Datadog , or New Relic to ensure system health and performance. Soft Skills: Strong problem-solving and analytical skills. Excellent communication skills to work with cross-functional teams. Ability to work independently and as part of a team. Detail-oriented with a focus on delivering high-quality solutions Note: If you are interested, please share your updated resume and suggest the best number & time to connect with you. If your resume is shortlisted, one of the HR from my team will contact you as soon as possible. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

Posted 2 months ago


3 - 5 years

5 - 7 Lacs

Uttar Pradesh

Work from Office


Job Summary:We seek a skilled and motivated DevSecOps Engineer to join our dynamic run team. In this role, he/she will be responsible will include leveraging comprehensive scanning capabilities to identify vulnerabilities, misconfigurations, and compliance issues across our IT environment. He/she will work closely with development, operations, and security teams to integrate security best practices into our CI/CD pipeline and improve our overall security posture. This role requires a strong understanding of offensive and defensive security principles and proficiency in scripting and automation. The ideal candidate is a problem solver, a team player, and passionate about securing modern IT environments. Responsibilities:Vulnerability Scanning and Analysis:Perform regular vulnerability scans of servers, workstations, cloud infrastructure, and other assets using Qualys or Burp. Analyze scan results to identify critical vulnerabilities, misconfigurations, and compliance violations. Prioritize vulnerabilities based on risk and business impact. Manually validate and verify vulnerabilities to reduce false positives and refine scan settings. Remediation and Reporting:Work closely with application teams, system administrators, and other stakeholders to communicate vulnerability findings and guide remediation efforts. Track remediation progress using Excel and other tracking tools. Generate detailed reports on vulnerability trends, remediation status, and overall security posture. Present findings to technical and management audiences. DevSecOps Integration:CI/CD Pipelines:Design, build, and maintain CI/CD pipelines with security integrated throughout the process. Familiarity with tools like Jenkins, GitLab CI, and Azure DevOps. Automate vulnerability remediation tasks using Ansible playbooks. Collaborate with development teams to implement secure coding practices and improve application security. 
Work with DevSecOps engineers to build out automated security testing pipelines. Automation and Scripting:Develop and maintain Ansible playbooks to automate vulnerability patching, configuration hardening, and compliance checks. Use scripting languages (e.g., Python, Bash) to create custom tools and scripts for vulnerability analysis and reporting. Data Analysis and Visualization:Utilize Power BI to create dashboards and reports that provide management visibility into security posture and remediation efforts. Analyze vulnerability data to identify trends, patterns, and areas for improvement. Present findings to management clearly and concisely. Compliance and Governance:Ensure compliance with relevant security standards and regulations (e.g., PCI DSS, HIPAA, SOC). Assist with security audits and assessments. Stay up to date on the latest security threats and vulnerabilities. Continuous Improvement:Continuously evaluate and improve our vulnerability management processes and procedures. Research and recommend new security tools and technologies. Participate in security incident response activities. Technical Skills and Qualifications:Required:3+ years of experience in security vulnerability scanning and analysis. Expert level experience with Vulnerability Management Strong understanding of vulnerability assessment methodologies and tools (e.g., OWASP, NIST). Proven experience with automation and configuration management. Understand at least one scripting language (e.g., Python, Bash, PowerShell). Experience with integrating security tools into CI/CD pipelines. Excellent working knowledge of Power BI and Excel for data analysis and reporting. Ability to create complex dashboards and reports. Solid understanding of networking concepts, operating systems (Windows, Linux), and cloud environments (e.g., AWS, Azure, GCP). Excellent communication, collaboration, and problem solving skills. Ability to work independently and as part of a team. 
Preferred:Some experience with other security tools such as Burp Suite, Invicti, SonarQube, Zap, et

Posted 3 months ago


7 - 12 years

9 - 14 Lacs

Bengaluru

Work from Office


Project Role :Application Developer Project Role Description :Design, build and configure applications to meet business process and application requirements. Must have skills :Spring Boot Good to have skills :NA Minimum 7.5 year(s) of experience is required Educational Qualification :15 years full time education Summary:As an Application Developer, you will design, build, and configure applications to meet business process and application requirements. You will be responsible for ensuring the smooth functioning of applications and meeting the needs of the organization. Roles & Responsibilities: Expected to be an SME, collaborate and manage the team to perform. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Collaborate with stakeholders to gather requirements and understand business needs. Design and develop high-quality software solutions using Spring Boot. Perform code reviews and ensure adherence to coding standards. Troubleshoot and debug applications to identify and fix issues. Contribute to the continuous improvement of software development processes and practices. Professional & Technical Skills: Must Have Skills:Strong Proficiency in Spring Boot, Java Enterprise Edition, Restful Services, Microservices and Light Weight Architecture. Must Have Skills:7+ years' experience in Java/functional programming with java 11+, Spring Boot, REST-API, Kotlin, GraphQL, grpc, Postman Must Have Skills:7+ years' experience and exposure to Applications Integration patterns, J2EE patterns, Microservices Patterns and Streaming Services Integrations [Like Kafka. MQSeries, RabbitMQ etc.), Caching Patterns and Frameworks Must Have Skills:Any Cloud Exposure with Knowledge of Dockers and Kubernetes Containers and Deployment exposure. 
Must Have Skills:Version Control Tools such as GitLab or similar, understanding of code branching strategies, deployment process including CI/CD exposure. Must Have Skills:Knowledge of Code Review Tools:SonarQube, PMD, Check Style, Veracode, Check Marx, OWASP-ZAP, Testing:JUnit, Mocking Frameworks, Postman or similar Nice to Have Skills:Front End Development Experience with React.js, JavaScript, including DOM manipulation, Object-Oriented concepts, design patterns,Additionally, Strong understanding of software development principles and best practices. Experience with Agile development methodologies. Excellent problem-solving and analytical skills. Additional Information: The candidate should have a minimum of 7.5 years of experience in Spring Boot. This position is based at our Bengaluru office. A 15 years full-time education is required. Qualifications 15 years full time education

Posted 3 months ago


6 - 11 years

0 - 3 Lacs

Navi Mumbai, Thane, Mumbai (All Areas)

Work from Office


What are we looking for? We are looking for a highly skilled and motivated Application Security Specialist to join our team. The ideal candidate will have expertise in application security, a passion for finding and mitigating vulnerabilities, and the ability to work in a collaborative environment to ensure the security of our software applications. Should have strong problem-solving skills, a keen eye for detail, and the ability to communicate effectively with cross-functional teams. Key Attributes: Strong knowledge of application security principles, methodologies, and best practices. Hands-on experience with security testing tools and techniques. Experience with secure software development practices (SDLC) and vulnerability management. Knowledgeable on Web applications and APIs functioning. Ability to conduct threat modelling and risk assessments. In-depth understanding of modern programming languages and web technologies. Strong communication skills to convey technical security risks to non-technical stakeholders. What does the job entail? As an Application Security Specialist, you will be responsible for ensuring the security of our applications throughout their development lifecycle. Your duties will include: Security Assurance and Assessments: Ensure that security standards are implemented throughout the software development lifecycle (SDLC), including in design, development, testing, and deployment. Preparing best practices for API security, and assessing system compliance against this. Guiding teams in implementing secure authentication, authorization, data protection, and other security measures. Performing regular security assessments, including static and dynamic analysis, penetration testing, and code reviews. Vulnerability Management Track, analyze, and report vulnerabilities found during security assessments. Provide remediation guidance and prioritize risks based on business impact. 
Collaborate with development teams to ensure remediation in a timely manner. Security Best Practices: Develop, maintain, and enforce security guidelines, processes, and policies related to secure application development Ensure compliance with industry security standards such as OWASP Top 10, etc. Technology Risk Assessment: Conducting vulnerability assessments to identify risks in both existing and new applications. Identifying potential attack vectors and providing mitigation strategies. Collaboration with Cross-Functional Teams: Working closely with Infosec, IT teams and external partners/vendors to ensure security is considered at every stage of application development. Reviewing and analyzing the security posture of third-party services and vendors. Education: Bachelor's degree in any engineering practice. Other certifications in application security such as below are Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) GIAC Web Application Penetration Tester (GWAPT) (ISC) Certified Information Systems Security Professional (CISSP) ISACA Certified Information Security Manager (CISM) Work exp: Minimum of 6-8 years of experience in application security or a related field. Strong experience in application security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify). Proven experience in secure software development practices and conducting risk assessments and threat modelling. Experience working with web and mobile application security, as well as cloud-based services (AWS, Azure, etc.). Familiarity with common vulnerabilities (e.g., SQL injection, XSS, CSRF) and knowledge of frameworks like OWASP Top 10. Hands-on experience in penetration testing and vulnerability scanning. Preferred: Knowledge of cloud-native security practices and containers (Docker, Kubernetes) and API Security. Familiarity with DevSecOps practices. Experience in working with agile development teams.

Posted 3 months ago


5 - 9 years

7 - 11 Lacs

Bengaluru

Work from Office


Job Title IT Testing Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Any certifications CEH(Mandatory), OSCP, CCSP Preferred Skills: Technology->Security Testing->Security Testing - ALL Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering * Location of posting is subject to business requirements

Posted 3 months ago
